Cyber Security

Excellus is committed to a standards-based delivery system security program as the foundation of our Cyber Security support services. By combining DoD DMDC standards and industry best practices, we provide a publicly accessible and documented framework through which program objectives are implemented, resulting in reduced risk and increased predictability of program outcomes. Our approach follows strict guidelines established by the DoDI 8510.01 (DIACAP) in accordance with the Office of Management and Budget (OMB) Circular A-130, 8500.2, 8570.01-M, 8551.1, NIST 800-53 as well as all applicable security provisions and guidelines. Excellus core competencies in Cyber Security include: Certification & Accreditation (C&A); Information Assurance and Security; FISMA; NIST Assessment and Compliance; Infrastructure and Network Security; Penetration and Vulnerability Testing; Application and Enterprise Security; Security Program Management; and Security Training.

IT Security Solution

Application and Enterprise Security
Excellus Solutions has experience supporting information security implementations at the infrastructure level for large commercial and government clients.

  • Our range of Information Security services includes:
    • Integrated Enterprise Security Solutions
    • Enterprise Security Assessment/Security Maturity Assessment at the Infrastructure Level
    • Security Architecture and Design
    • Security Policy Development and Deployment
    • FISMA / NIST / BS7799 / ISO17799 Consulting and Implementation
    • SOX and PCI compliance consulting
    • SAS70 consulting
    • Disaster Recovery and Contingency Planning
    • Physical Access Control Solutions
    • Network Security Audits, Assessment and Hardening Services
    • Wireless LAN Security, Firewall Services and Consulting
    • Intrusion Detection/Prevention Services
    • Vulnerability testing
    • OS level security implementations for both Unix and Windows platforms
    • Host-based Penetration Testing
    • Certification & Accreditation (C&A) services
  • Excellus Solutions has its own COTS product for Identity and Access Management, named SecureOne™, featuring:
    • User Provisioning
    • Delegated provisioning model
    • Password Management
    • Audit and Compliance reporting
    • User Self Service
    • Role Based Access Control
  • SecureOne™ supports large-scale implementation of Identity and Access Management projects with the following features:
    • Federated single sign-on
    • Enterprise Identity and Access Management architecture design
    • Internal employee security
    • Public user enrollment and security
    • Role based access control
    • Provisioning system
    • Password management
  • SecureOne™ supports many Federal compliance requirements with the following features:
    • Identity and Access management compliance
    • SOX compliance
    • GLB compliance
    • Certification & Accreditation (C&A) services

Information Assurance (IA)

Excellus Solutions has an in-depth understanding of Information Assurance and is committed to a standards-based delivery system security program. Our approach follows strict guidelines established by the DoDI 8510.01 (DIACAP) in accordance with the Office of Management and Budget (OMB) Circular A-130, 8500.2, 8570.01-M, 8551.1, NIST 800-53 as well as all applicable security provisions and guidelines. Excellus Solutions' Information Assurance services provide information systems security lifecycle management, vulnerability assessments and evaluations, and C&A services for DIACAP/NIACAP. Together, these services ensure that all communication transmission modes within each system and across the enterprise are able to maintain operational integrity.

  • Information Assurance: Securing the Privacy of your Data
  • Information Systems Security Lifecycle Management (ISSLM)
    • ISSE (information systems security engineering)
    • Systems Implementation (Excellus Solutions 3-step implementation process)
    • Certification and accreditation activities for DIACAP/NIACAP support
    • SDIM (Security Documentation Implementation and Maintenance Process)
    • Configuration control management
    • IAVAM (information assurance vulnerability alert management)
    • Training
    • Systems baselines, installation, repairs, or backups
  • Vulnerability Assessment and Evaluation
  • Certification and Accreditation Services
    • DIACAP & FISMA C&A and Annual Compliance
    • Security Test and Evaluation (ST&E)
    • Experience with the following testing tools
    • Comprehensive experience DIACAP Package (CDP)
    • Supporting artifacts and Plan of Actions and Milestones (POA&M)
    • Build and Test the protective features Security Technical Implementation Guidelines (STIGs)
    • Perform Information Assurance Vulnerability Alert (IAVA) compliance

Operational Security & Continuous Monitoring

Excellus Solutions provides a complete spectrum of managed services and solutions required to operate, administer, and defend complex enterprise networks. Excellus Solutions' approach to supporting Information Security Operations and Continuous Monitoring is based on IT Infrastructure Library (ITIL) best practices and standards that support IT service management (ITSM). Excellus Solutions reduces the total cost of ownership (TCO) while simultaneously ensuring system and network availability, information protection, and assured information delivery.

  • Define continuous monitoring strategy
  • Establish measures and metrics
  • Establish monitoring and assessment frequencies
  • Implement a continuous monitoring program
  • Support various operations tasks
    • User provisioning/de-provisioning and account management services
    • Tier-level troubleshooting and problem solving (Tier 1 and 2) for security-related issues
    • Utilize the current electronic queuing request software
    • Incident response support
  • Support various compliance tasks
    • Facilitate user access list reviews and mitigation
    • Artifact support for various requests
    • New hire, transfer and termination identification, review and reporting
    • Vulnerability scanning review
  • Contingency planning/Disaster recovery support
    • Annual update of contingency plans
    • Annual update of business impact analysis (BIA) plans
    • Assist in preparation of annual contingency planning and training
  • Prepare and lead annual disaster recovery functional and nonfunctional exercises such as:
    • Artifacts/Reports/Access Reviews
    • Continuous Monitoring/Compliance
    • Application Vulnerability Monitoring and Follow-up